A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across […]
Shanya EDR Killer: The New Favorite Tool for Ransomware Operators
A sophisticated new “packer-as-a-service” tool known as Shanya has emerged in the cybercriminal underground, rapidly becoming a preferred weapon for major ransomware groups looking to […]
Critical Cal.com Flaw Allows Attackers to Bypass Authentication Using Fake TOTP Codes
Cal.com has disclosed a critical authentication bypass vulnerability that could allow attackers to gain unauthorized access to user accounts by exploiting a flaw in password […]
Indonesia’s Gambling Industry Reveals Clues of Nationwide Cyber Involvement
A massive Indonesian-speaking cybercrime operation spanning over 14 years has been uncovered, revealing a sophisticated infrastructure that shows hallmarks of state-level backing and resources typically […]
Vaillant CISO: NIS2 complexity and lack of clarity endanger its mission
CSO Germany: The energy sector is increasingly becoming a target for cybercriminals. Experts and the Federal Office for Information Security (BSI) believe that protection in this area […]
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control […]
Offensive security takes center stage in the AI era
Sara Madden is looking to take a more offensive approach to safeguarding her company. The Convera CISO wants to add a red team to stress […]
New wave of VPN login attempts targets Palo Alto GlobalProtect portals
A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. […] The original […]
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised […]
Portugal updates cybercrime law to exempt security researchers
Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. […] […]